[darcs-devel] [issue177] defense against malicious patch file oversteps its bounds
Zooko
bugs at darcs.net
Tue May 23 19:48:04 PDT 2006
New submission from Zooko <zooko at zooko.com>:
I'm using darcs to manage, among other things, another darcs repository. The
recent security feature (in 1.0.6 a.k.a. 1.0.7pre1) has caused a problem
because it notices that one of the patches is modifying
"./trunk/_darcs/prefs/defaults" and aborts.

It makes sense to forbid patch files from modifying the _darcs directory of
their *own* darcs repository, but it is wrong to forbid them to modify any
directory whose name is "_darcs"!

Just to be clear, the "./trunk/_darcs" is not the metadir for this darcs repo.
That would be "./_darcs".

Regards,
Zooko
----------
messages: 671
nosy: droundy, tommy, zooko
status: unread
title: defense against malicious patch file oversteps its bounds
____________________________________
Darcs issue tracker <bugs at darcs.net>
<http://bugs.darcs.net/issue177>
____________________________________
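
The distinction drawn in the report, as an added example (not darcs's own code, which is written in Haskell): an over-broad rule that rejects any path with a "_darcs" component, next to a scoped rule that rejects only paths resolving into the repository's own metadir. The function names, the ".." handling and the case-folding are assumptions made for this illustration.

```python
METADIR = "_darcs"  # metadata directory name, as in the report


def components(path):
    """Split a patch-supplied path into normalized components relative to the
    repository root. Returns None for absolute paths or paths that climb
    above the root with '..'."""
    if path.startswith("/"):
        return None
    parts = []
    for comp in path.split("/"):
        if comp in ("", "."):
            continue
        if comp == "..":
            if not parts:
                return None  # escapes the repository root
            parts.pop()
        else:
            parts.append(comp)
    return parts


def broad_check_rejects(path):
    """Over-broad rule (the behaviour the report describes): reject any path
    containing a component named _darcs, at any depth."""
    parts = components(path)
    return parts is None or METADIR in parts


def scoped_check_rejects(path):
    """Scoped rule: reject only paths that resolve into the repository's own
    metadir, i.e. whose first normalized component is _darcs."""
    parts = components(path)
    if parts is None:
        return True
    # casefold() is an added assumption: on case-insensitive filesystems
    # "_DARCS" names the same directory as "_darcs".
    return bool(parts) and parts[0].casefold() == METADIR


# Constructed sample paths; the first is the one quoted in the report.
SAMPLES = [
    "./trunk/_darcs/prefs/defaults",
    "./_darcs/prefs/defaults",
    "./trunk/../_darcs/prefs/defaults",
    "trunk/src/Main.hs",
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p, broad_check_rejects(p), scoped_check_rejects(p))
```

Both checks are purely lexical: neither resolves symlinks, so a real implementation would also have to account for a nested path that links back to the root metadir.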